-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathapi.py
148 lines (114 loc) · 4.12 KB
/
api.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
from os import getenv
import json
from dotenv import load_dotenv, find_dotenv
from flask import Flask, g, request
from flask_httpauth import HTTPTokenAuth
from flask import render_template
from flask import Flask, Response, redirect, url_for, request, session, abort
from flask_login import LoginManager, UserMixin, \
login_required, login_user, logout_user
from tinydb import TinyDB, Query
from geopy.geocoders import Nominatim
from actions import process_spot
load_dotenv(find_dotenv())
app = Flask(__name__)
auth = HTTPTokenAuth(scheme='token')
# config
app.config.update(
DEBUG = True,
SECRET_KEY = getenv("SECRET_KEY", "unsafe")
)
# flask-login
login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = "login"
class User(UserMixin):
pass
@auth.verify_token
def verify_token(token):
if getenv("SERVER_KEY", 'unsafe') == token:
return "internal server"
@login_manager.request_loader
def request_loader(request):
email = request.form.get('email')
if not (db_user := db.table('users').search(Query().email == email)):
return
user = User()
user.id = email
user.is_authenticated = request.form['password'] == db_user[0].get('password')
return user
# callback to reload the user object
@login_manager.user_loader
def user_loader(email):
if not (db_user := db.table('users').search(Query().email == email)):
return
user = User()
user.id = email
return user
# somewhere to login
@app.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'GET':
return render_template('login.html')
email = request.form['email']
if not (db_user := db.table('users').search(Query().email == email)):
return "user not found"
if request.form['password'] == db_user[0].get('password'):
user = User()
user.id = email
login_user(user)
return redirect(request.args.get("next") or '/')
return 'Bad login'
# somewhere to logout
@app.route("/logout")
@login_required
def logout():
logout_user()
return Response('<p>Logged out</p>')
# handle login failed
@app.errorhandler(401)
def page_not_found(e):
return Response('<p>Login failed</p>')
@app.route('/')
@login_required
def index():
geolocator = Nominatim(user_agent="wheresjimmy")
try:
last_loc = db.table('locs').all()[-1]
except IndexError:
last_loc = {"lat": 35.1592248, "lng": -98.451035, "time": "no data"}
location = geolocator.reverse(f"{last_loc['lat']}, {last_loc['lng']}")
key = getenv("HERE_API_KEY")
return render_template('index.html', location=location.address, here_api_key=key, **last_loc)
@app.route('/admin', methods=['GET', 'POST'])
@login_required
def admin():
if request.method == 'GET':
if request.args.get("secret", "none") == getenv("ADMIN_PASS"):
return f'''
<form action='admin' method='POST'>
<input type='text' name='email' id='email' placeholder='email'/>
<input type='password' name='password' id='password' placeholder='password'/>
<input type='secret' name='secret' id='secret' placeholder='secret'/>
<input type='submit' name='submit'/>
</form>
'''
elif request.method == 'POST':
if request.form['secret'] == getenv("ADMIN_PASS"):
db.table('users').insert({"email": request.form["email"], "password": request.form['password']})
return "succ"
return "You are not allowed here"
@app.route('/spot', methods=['post'])
@auth.login_required
def spot():
data = request.form.get('data')
if data:
db.table('locs').insert(process_spot(data))
return f"processed!"
return "Invalid request"
if __name__ == '__main__':
db = TinyDB(getenv("DB_FILE", './db/db.json'))
if admin := getenv("ADMIN_USER"):
if not db.table('users').search(Query().email == admin):
db.table('users').insert({"email": admin, "password": getenv("ADMIN_PASS")})
app.run(host='0.0.0.0', port=8080)